@@ -54,10 +54,10 @@ public function deleteFile($file_id){
5454 }
5555
5656 //上传文件,返回url
57- public function upload ($ _files , $ file_key , $ uid , $ item_id = 0 , $ page_id = 0 ){
57+ public function upload ($ _files , $ file_key , $ uid , $ item_id = 0 , $ page_id = 0 , $ check_filename = true ){
5858 $ uploadFile = $ _files [$ file_key ] ;
5959
60- if ( !$ this ->isAllowedFilename ($ _files [$ file_key ]['name ' ]) ){
60+ if ( $ check_filename && !$ this ->isAllowedFilename ($ _files [$ file_key ]['name ' ]) ){
6161 return false ;
6262 }
6363
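Review bot: When `$check_filename` is false the guard at the top of `upload()` is skipped entirely, so in the lines shown nothing constrains the client-supplied `$_files[$file_key]['name']` before the upload proceeds. The second hunk's header shows the class also has `isDangerFilename()`; if that is the denylist its name suggests, it should still run on the bypass path, e.g. `if ($this->isDangerFilename($uploadFile['name']) || ($check_filename && !$this->isAllowedFilename($uploadFile['name']))){`. The new parameter also needs a comment stating which callers may pass false and that the value must never be derived from request input. The rest of `upload()` lies outside this hunk, so a later check may already cover this case.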
@@ -324,14 +324,12 @@ public function isDangerFilename($filename){
324324 public function isAllowedFilename ($ filename ){
325325 $ allow_array = array (
326326 '.jpg ' ,'.jpeg ' ,'.png ' ,'.bmp ' ,'.gif ' ,'.ico ' ,'.webp ' ,
327- '.mp3 ' ,'.wav ' ,'.mp4 ' ,
328- '.mov ' ,'.webmv ' ,'.flac ' ,'.mkv ' ,
327+ '.mp3 ' ,'.wav ' ,'.mp4 ' ,'.mov ' ,'.flac ' ,'.mkv ' ,
329328 '.zip ' ,'.tar ' ,'.gz ' ,'.tgz ' ,'.ipa ' ,'.apk ' ,'.rar ' ,'.iso ' ,
330- '.pdf ' ,'.ofd ' ,'.swf ' ,'.epub ' ,'.xps ' ,
331- '.doc ' ,'.docx ' ,'.wps ' ,
329+ '.pdf ' ,'.epub ' ,'.xps ' ,'.doc ' ,'.docx ' ,'.wps ' ,
332330 '.ppt ' ,'.pptx ' ,'.xls ' ,'.xlsx ' ,'.txt ' ,'.psd ' ,'.csv ' ,
333331 '.cer ' ,'.ppt ' ,'.pub ' ,'.json ' ,'.css ' ,
334- ) ;
332+ ) ;
335333
336334 $ ext = strtolower (substr ($ filename ,strripos ($ filename ,'. ' )) ); //获取文件扩展名(转为小写后)
337335 if (in_array ( $ ext , $ allow_array ) ){
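Review bot: The allowlist lookup a few lines below the edited array uses a loose comparison and depends on an implicit coercion when the name has no dot. `strripos()` returns false for such a name, and `substr($filename, false)` then yields the whole name, which is rejected only because no entry matches it. An explicit early `return false` for that case and a strict lookup, `if (in_array($ext, $allow_array, true)){`, would make the intent visible. `'.ppt'` is listed twice in the array, and a one-line comment recording why `.swf`, `.ofd` and `.webmv` were dropped would keep them from being re-added later. The function continues past the end of this hunk, and only the final suffix of the name is tested here.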